mirror of https://github.com/MISP/MISP
Merge branch '2.4' of github.com:MISP/MISP into stix2
commit
c0525eaf4d
|
@ -311,6 +311,7 @@ sudo service apache24 restart
|
|||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
sudo cp /usr/local/www/MISP/INSTALL/misp.logrotate /usr/local/etc/logrotate.d/misp
|
||||
chmod 0640 /usr/local/etc/logrotate.d/misp
|
||||
|
||||
9/ MISP configuration
|
||||
---------------------
|
||||
|
|
|
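Review bot: The new `chmod 0640 /usr/local/etc/logrotate.d/misp` runs unprivileged, while the `sudo cp` on the line before it places the file as root, so a reader following these steps as a normal user gets "Operation not permitted" and the mode is left at whatever `cp` produced. Prefix it like the copy: `sudo chmod 0640 /usr/local/etc/logrotate.d/misp`. The same `sudo cp` followed by a bare `chmod` appears in the hunks at `@ -302,6`, `@ -315,6` and `@ -205,6` (paths under /etc/logrotate.d); the sections that use a bare `cp` are consistent with a root shell and need no change. Being strict about the mode is worthwhile, since logrotate ignores configuration files that are group- or world-writable.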
@ -302,6 +302,7 @@ sudo systemctl restart apache2
|
|||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
chmod 0640 /etc/logrotate.d/misp
|
||||
|
||||
9/ MISP configuration
|
||||
---------------------
|
||||
|
|
|
@ -315,6 +315,7 @@ sudo systemctl restart apache2
|
|||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
chmod 0640 /etc/logrotate.d/misp
|
||||
|
||||
9/ MISP configuration
|
||||
---------------------
|
||||
|
|
|
@ -350,6 +350,7 @@ function installMISPonKali() {
|
|||
systemctl restart apache2
|
||||
|
||||
cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
chmod 0640 /etc/logrotate.d/misp
|
||||
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
|
||||
|
@ -545,7 +546,6 @@ function installMISPonKali() {
|
|||
git clone git://github.com/stricaud/faup.git faup
|
||||
chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp
|
||||
cd faup
|
||||
$SUDO git checkout 96f2a9a51428869cac2473422b70ace890d5d95d
|
||||
$SUDO mkdir -p build
|
||||
cd build
|
||||
$SUDO cmake .. && $SUDO make
|
||||
|
|
|
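Review bot: The added `cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp` and `chmod 0640 /etc/logrotate.d/misp` in installMISPonKali() carry no `$SUDO`, while the same function prefixes the `git checkout`, `mkdir -p` and `cmake` lines of the second hunk with `$SUDO`; the surrounding `systemctl restart apache2` and `chown -R` also lack it, so the function presumably assumes root here, but the mixture makes that hard to verify. For consistency write `$SUDO cp ...` / `$SUDO chmod 0640 /etc/logrotate.d/misp`, or state the assumption in a comment above the block, e.g. `# runs as root: /etc/logrotate.d is written directly`. The second hunk (`@ -545,7 +546,6`) removes one line from the faup build sequence, but which one cannot be told from this rendering. installMISPonKali() starts and ends outside both hunks.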
@ -251,6 +251,7 @@ firewall-cmd --reload
|
|||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
cp INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
chmod 0640 /etc/logrotate.d/misp
|
||||
|
||||
8.01/ Allow logrotate to work under SELinux and modify the log files
|
||||
semanage fcontext -a -t httpd_log_t "/var/www/MISP/app/tmp/logs(/.*)?"
|
||||
|
|
|
@ -205,6 +205,7 @@ sudo systemctl restart apache2
|
|||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
sudo cp /var/www/MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
chmod 0640 /etc/logrotate.d/misp
|
||||
|
||||
9/ MISP configuration
|
||||
---------------------
|
||||
|
|
|
@ -206,6 +206,7 @@ service iptables save
|
|||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
cp INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
chmod 0640 /etc/logrotate.d/misp
|
||||
|
||||
9/ MISP configuration
|
||||
---------------------
|
||||
|
|
|
@ -223,6 +223,7 @@ firewall-cmd --reload
|
|||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
cp INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
chmod 0640 /etc/logrotate.d/misp
|
||||
|
||||
# Now make logrotate work under SELinux as well
|
||||
# Allow logrotate to modify the log files
|
||||
|
|
|
@ -2335,7 +2335,7 @@ class EventsController extends AppController
|
|||
),
|
||||
'order' => array('Job.id' => 'desc')
|
||||
));
|
||||
$dir = new Folder(APP . 'tmp/cached_exports/' . $k);
|
||||
$dir = new Folder(APP . 'tmp/cached_exports/' . $k, true);
|
||||
if ($k === 'text') {
|
||||
// Since all of the text export files are generated together, we might as well just check for a single one md5.
|
||||
$file = new File($dir->pwd() . DS . 'misp.text_md5.' . $org_name . $type['extension']);
|
||||
|
|
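Review bot: Passing `true` to the Folder constructor creates the export cache directory on demand, but a failed creation goes unnoticed: in CakePHP 2 the constructor does not surface the result of `create()`, so `$dir->pwd()` on the following lines can be empty or point elsewhere and the `File` objects for the cached exports are built against that path. Check the directory once after construction, e.g. `if (!is_dir($dir->pwd())) { throw new InternalErrorException('Could not create the export cache directory.'); }`, or whatever failure handling this controller uses elsewhere. Separately, `$org_name` becomes a path component of the cache file on the `misp.text_md5.` line; where it comes from is outside the hunk, so confirm it is sanitized before it reaches this point. The enclosing method starts and ends outside the hunk.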
|
@ -464,6 +464,11 @@ class StixBuilder():
|
|||
pattern = mispTypesMapping[attribute_type]['pattern'](attribute_type, attribute_value, b64encode(attribute.data.getbuffer()).decode()[1:-1]) if ('data' in attribute and attribute.data) else self.define_pattern(attribute_type, attribute_value)
|
||||
indicator_args = {'id': indicator_id, 'type': 'indicator', 'labels': labels, 'kill_chain_phases': killchain,
|
||||
'valid_from': self.misp_event.date, 'created_by_ref': self.identity_id, 'pattern': pattern}
|
||||
if hasattr(attribute, 'Sighting'):
|
||||
for sighting in attribute.Sighting:
|
||||
if sighting['Organisation']['name'] == self.misp_event.Orgc.name and sighting['type'] == "2":
|
||||
indicator_args['valid_until'] = datetime.datetime.fromtimestamp(int(sighting['date_sighting']), datetime.timezone.utc).isoformat()
|
||||
break
|
||||
if hasattr(attribute, 'comment') and attribute.comment:
|
||||
indicator_args['description'] = attribute.comment
|
||||
indicator = Indicator(**indicator_args)
|
||||
|
|
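Review bot: The `valid_until` lookup matches sightings by organisation name (`sighting['Organisation']['name'] == self.misp_event.Orgc.name`) and stops at the first type "2" match; a name is a display string rather than an identifier, and when several expiration sightings exist the one exported depends on list order instead of being the latest. If the sighting JSON carries the organisation uuid, comparing on it and taking the maximum date would be more robust, e.g. `expiries = [int(s['date_sighting']) for s in attribute.Sighting if s['type'] == "2" and s['Organisation']['uuid'] == self.misp_event.Orgc.uuid]` followed by `if expiries: indicator_args['valid_until'] = datetime.datetime.fromtimestamp(max(expiries), datetime.timezone.utc).isoformat()`. The subscripts also raise KeyError on a sighting without an `Organisation` entry; whether that can occur is not visible here. The enclosing method starts and ends outside the hunk.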
|
@ -237,9 +237,10 @@ class StixParser():
|
|||
self.misp_event.add_object(**misp_object)
|
||||
|
||||
def parse_attribute(self, o, labels):
|
||||
attribute_uuid = o['id'].split('--')[1]
|
||||
attribute_type = self.get_misp_type(labels)
|
||||
attribute_category = self.get_misp_category(labels)
|
||||
attribute = {'type': attribute_type, 'category': attribute_category}
|
||||
attribute = {'uuid': attribute_uuid, 'type': attribute_type, 'category': attribute_category}
|
||||
tags = [{'name': label} for label in labels[3:]]
|
||||
if tags:
|
||||
attribute['Tag'] = tags
|
||||
|
@ -248,19 +249,21 @@ class StixParser():
|
|||
value = o.get('name')
|
||||
else:
|
||||
if stix_type == 'indicator':
|
||||
o_date = o.get('valid_from')
|
||||
if hasattr(o, 'valid_until'):
|
||||
org_uuid = o['created_by_ref'].split('--')[1]
|
||||
attribute['Sighting'] = [{'type': '2', 'date_sighting': str(self.getTimestampfromDate(o['valid_until'])),
|
||||
'Organisation': {'uuid': org_uuid, 'name': self.event['identity'][org_uuid]['name']}}]
|
||||
pattern = o.get('pattern').replace('\\\\', '\\')
|
||||
value = self.parse_pattern_with_data(pattern) if attribute_type in ('malware-sample', 'attachment') else self.parse_pattern(pattern)
|
||||
attribute['to_ids'] = True
|
||||
else:
|
||||
o_date = o.get('first_observed')
|
||||
attribute['timestamp'] = self.getTimestampfromDate(o.get('last_observed'))
|
||||
observable = o.get('objects')
|
||||
try:
|
||||
value = self.parse_observable(observable, attribute_type)
|
||||
except Exception:
|
||||
print('Error with attribute type {}:\n{}'.format(attribute_type, observable), file=sys.stderr)
|
||||
attribute['to_ids'] = False
|
||||
attribute['timestamp'] = self.getTimestampfromDate(o_date)
|
||||
if 'description' in o:
|
||||
attribute['comment'] = o.get('description')
|
||||
if isinstance(value, tuple):
|
||||
|
|
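Review bot: `if hasattr(o, 'valid_until'):` in the second hunk tests for an attribute, but `o` is used as a mapping everywhere else in parse_attribute (`o['id']`, `o.get('valid_from')`, `o['created_by_ref']`); if `o` is a plain dict the check is always False and the new Sighting block never runs, whereas `if 'valid_until' in o:` works for both dicts and stix2 objects, which also support membership tests. Inside that block, `self.event['identity'][org_uuid]` raises KeyError when the creating identity was not collected, and in the first hunk `o['id'].split('--')[1]` raises IndexError on an id without `--`; both are worth a comment or a guard if the input is not trusted to be well-formed. parse_attribute continues past the end of the second hunk.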